A hacker returned after two years of inactivity and deposited $5.4M in stolen funds into Twister Money after swapping DAI for ETH.
An attacker linked to a earlier theft has resumed onchain exercise after practically two years of dormancy.
Blockchain knowledge reveals stolen funds at the moment are being deposited into Twister Money, with actions accelerating over current days.
Dormant Theft Handle Turns into Energetic Once more
The theft handle, recognized as 0xFe7e039cC5034436C534d5E21A8619A574e206F8, confirmed no notable exercise for nearly two years.
This era of inactivity ended when funds started transferring once more onchain.
Blockchain information point out the handle transferred property with out warning. Observers famous the timing recommended a deliberate return fairly than random motion.
The renewed exercise drew consideration because of the dimension of the funds concerned. The handle had beforehand been linked to stolen property.
Funds Shifted From DAI to ETH
In response to Specter, earlier than interacting with Twister Money, the theft handle moved about $5.8 million in DAI.
The switch went to a newly created pockets. The contemporary pockets then swapped the DAI for ETH, altering the asset sort earlier than additional motion.
The attacker has resumed exercise after practically two years of dormancy and is now depositing stolen funds into Twister Money.
A complete of $5.4M has been deposited to this point.
Previous to this, the theft handle transferred $5.8M DAI to a contemporary pockets, which was subsequently swapped for… https://t.co/6hZWByeuRQ pic.twitter.com/67vx2CLk6U
— Specter (@SpecterAnalyst) January 26, 2026
Such swaps are sometimes used to arrange funds for privateness instruments. ETH is often used for Twister Money deposits.
After the swap, the ETH stability was damaged into smaller parts. These parts had been then despatched to Twister Money contracts.
$5.4M Deposited Into Twister Money
Blockchain knowledge reveals that about $5.4 million has been deposited into Twister Money to this point. The deposits adopted a transparent and repeated sample.
The attacker despatched 100 ETH in twenty separate transactions. Extra deposits included three transfers of 10 ETH.
Smaller deposits had been additionally made. These included eight transfers of 1 ETH and 9 transfers of 0.1 ETH.
This sample is in line with prior Twister Money utilization. Such conduct is usually meant to mix deposits with others.
The deposits occurred over a number of transactions as a substitute of 1 giant switch. This strategy can complicate transaction evaluation.
Associated Studying: Hacker Who Stole $282 million Final Week, Launders $63M Through Twister Money: CertiK
Onchain Monitoring and Present Standing
Regardless of the usage of Twister Money, elements of the transaction path stay seen. Analysts can nonetheless observe deposits and timing patterns.
No withdrawal transactions linked to the attacker have been confirmed but. The funds stay inside Twister Money swimming pools.
The exercise suggests a cautious and delayed technique. The lengthy dormancy might have been supposed to cut back consideration.
Safety observers proceed to watch associated addresses. Any future withdrawals may reveal extra hyperlinks.
The case provides to current examples of delayed fund actions. It reveals how stolen property can resurface years later.
As of now, $5.4 million has been deposited. Additional actions might comply with if the attacker continues the exercise.